U.S. patent application number 10/473815 was filed with the patent office on 2004-07-29 for methods for protecting a smart card.
Invention is credited to Dischamp, Paul.
Application Number: 20040145339 (10/473815)
Family ID: 8861838
Filed Date: 2004-07-29
United States Patent Application 20040145339, Kind Code A1
Dischamp, Paul
July 29, 2004
Methods for protecting a smart card
Abstract
The invention concerns a method for protecting an electronic
entity such as a smart card against simple/differential power
analysis, by integrating a current accumulator in said entity. The
invention is characterised in that the current accumulator (19)
powers a processor (P) via a multiplexer (20) when said processor
is loaded to execute so-called sensitive programs.
Inventors: Dischamp, Paul (Paris, FR)
Correspondence Address: YOUNG & THOMPSON, 745 SOUTH 23RD STREET 2ND FLOOR, ARLINGTON, VA 22202
Family ID: 8861838
Appl. No.: 10/473815
Filed: March 12, 2004
PCT Filed: March 27, 2002
PCT NO: PCT/FR02/01058
Current U.S. Class: 320/101
Current CPC Class: G06K 19/07363 20130101; Y04S 40/20 20130101; G06K 19/0704 20130101; G06F 21/755 20170801
Class at Publication: 320/101
International Class: H02J 007/00
Foreign Application Data
Date: Apr 2, 2001; Code: FR; Application Number: 01/04453
Claims
1. A method of protecting a microcircuit electronic entity such as
a microcircuit card against current analysis attack, of the type
consisting in associating with said microcircuit (15) an energy
store (19) placed inside said entity, characterized in that, during
an exchange of information in which said entity is coupled to a
server (12) adapted to provide it with an electrical power supply
(13), at least a portion of said microcircuit is supplied with
electrical power provided by said energy store during the execution
of predetermined operations by said at least one portion of said
microcircuit, said server supplying electrical power to said
microcircuit during the execution of other operations.
2. A method according to claim 1, characterized in that said energy
store (19) is rechargeable and is charged with electrical energy
supplied by said server (13) when said electronic entity is coupled
thereto.
3. A method according to claim 2, characterized in that the
charging (25) of said battery (19) is commanded outside time
periods in which said battery is used to supply power to at least
one portion of said microcircuit.
4. A method according to claim 2 or claim 3, characterized in that
said battery is at least partly charged with electrical energy
generated by solar means by means of a photoelectric cell (27)
integrated into said electronic entity.
5. A method according to any one of claims 1 to 4, characterized in
that said predetermined operations are executed by a coprocessor
(P.sub.1) supplied with power by said battery (19).
6. A method according to any one of claims 1 to 4, characterized in
that a processor (P) is switched so that it is supplied with power
by said battery (19) when it is executing said predetermined
operations and, during said time periods, said server supplies
power to a decoy circuit (29) which continues to effect
operations.
7. An encrypted access electronic entity comprising a microcircuit
(15) and means (16a, 16b) for coupling the latter to a server (12)
itself provided with electrical power supply means (13) for
supplying power to said microcircuit via said coupling means,
characterized in that it further includes an integrated energy
store (19) and selector means (20) adapted to switch the power
supply of at least a portion of said microcircuit to said energy
store when predetermined operations are being executed by said at
least one portion of said microcircuit.
8. An electronic entity according to claim 7, characterized in that
said selector means include a multiplexer (20) or the like
controlled by a processor (P) of said microcircuit, said
multiplexer has two inputs, one of which is connected to a contact
terminal (16a) for the connection to the electrical power supply
means of said server and the other of which is connected to said
energy store (19), an output of said multiplexer is connected to an
electrical power supply line (22) of said processor, and said
multiplexer is commanded by said processor to effect said selection
between the electrical power supply means of said server and said
energy store.
9. An electronic entity according to claim 8, characterized in that
a circuit (25) for charging said energy store is connected between
said contact terminal (16a) and said energy store (19) and said
charging circuit is commanded by said processor (P) to charge said
energy store when said at least one portion of said microcircuit is
being supplied with power via said server.
10. An electronic entity according to claim 8, characterized in
that it includes a photoelectric cell (27) connected to charge said
energy store.
11. An electronic entity according to claim 9 in conjunction with
claim 10, characterized in that said photoelectric cell (27) is
connected to said charging circuit (25).
12. An electronic entity according to claim 7, characterized in
that said microcircuit includes a main processor (P.sub.0) and a
coprocessor (P.sub.1), the latter being dedicated to execution of
said predetermined operations, and said coprocessor (P.sub.1) is
supplied with power by said energy store (19) via said selector
means.
13. An electronic entity according to claim 7, characterized in
that said microcircuit includes a decoy circuit (29) connected to
said coupling means to be supplied with power directly by said
server and said decoy circuit is commanded to execute operations
when said at least one portion of said microcircuit is being
supplied with power by said energy store.
Description
[0001] The invention relates to a method of protecting an
electronic entity including a microcircuit, in particular a
microcircuit card with encrypted access, said protection being
aimed more particularly at forms of attack known as "current
analysis". The invention also relates to an electronic entity
including a microcircuit, in particular a microcircuit card with
encrypted access, equipped with means for obtaining the protection
offered by said method.
[0002] The person skilled in the art knows that some electronic
entities with encrypted access, in particular microcircuit cards,
are vulnerable to certain forms of attack based on analyzing
certain parameters during a phase of their operation. It is said
that information can "leak" from a computation carried out in said
electronic entity (the card), typically the execution of a
cryptographic protocol instigated by a fraudster in illegal
possession of the card. The parameters analyzed during the
execution of this kind of protocol can typically be computation
time differences or differences in electromagnetic radiation during
execution of the computation, but above all the current consumed
by the electronic entity itself during the execution of a
cryptographic protocol.
[0003] Thus a standard attack consists in having the electronic
entity that has fallen into the hands of the fraudster execute a
certain number of cryptographic protocols based on random messages,
which are therefore bound to fail, but cause the entity (the
microcircuit card) to execute each time a cryptographic algorithm,
for example the DES (DATA ENCRYPTION STANDARD) algorithm, and
analyzing the current consumed during each execution of said DES
algorithm. The object of this attack is to discover the secret key
of said entity. The DES algorithm is very widely used at present in
the field of bank cards, SIM (GSM) cards, pay per view television
access cards, and access control cards.
[0004] In the case of fraud, i.e. when the fraudster has the card
and is seeking to determine the key, the fraudster can connect said
card to a reader by means of which he can transmit messages to it
and connect it to means for recording the current consumed by the
microcircuit during the execution of the operations that it carries
out. The fraudster instigates multiple execution of the DES
algorithm and the current consumption is detected and memorized
each time. From all of this data, and in particular from the
current consumption measurements, it is possible to mount attacks
whose principle is well known. These SPA-DPA (Simple Power
Analysis/Differential Power Analysis) attacks can reconstitute the
key of the electronic entity.
[0005] In a paper presented on 17 Aug. 2000 at the CHES 2000
conference and published by SPRINGER under the No. 1965, the use of
a battery integrated into the electronic entity to supply power to
the microcircuit is envisaged. However, the author of the paper
finishes by setting aside this solution, deeming it somewhat
impractical and difficult to put into practice. The invention
solves the problems referred to by the author of this paper.
[0006] To be more precise, the invention provides a method of
protecting a microcircuit electronic entity such as a microcircuit
card against current analysis attack, of the type consisting in
associating with said microcircuit an energy store placed inside
said entity, characterized in that, during an exchange of
information in which said entity is coupled to a server adapted to
provide it with an electrical power supply, at least a portion of
said microcircuit is supplied with electrical power provided by
said energy store during the execution of predetermined operations
by said at least one portion of said microcircuit, said server
supplying electrical power to said microcircuit during the
execution of other operations.
[0007] The aforementioned energy store can be a battery, preferably
a rechargeable battery. In this case, the battery can be charged on
each transaction, i.e. each time that the electronic entity is
coupled to a server capable of supplying to it the necessary
electrical energy. The microcircuit is preferably designed and
programmed to command charging of the battery outside time periods
in which it is being used to supply power to the microcircuit or
the portion of the microcircuit responsible for executing said
predetermined operations. Instead of this, or in addition to this,
said battery can be charged with solar energy by means of a
photoelectric cell integrated into the electronic entity. In the
current state of the art it is possible to envisage integrating
into the thickness of a card at least one battery or rechargeable
battery and also a photoelectric cell.
[0008] The aforementioned predetermined operations during which the
microcircuit or a portion thereof is supplied with power internally
and not by the server to which the electronic entity is connected
(which could in fact be a device designed to break the secret codes
of the card) are all exchanges of "sensitive" information, during
which confidential data is exchanged. These operations are, for
example, cryptographic algorithms during which keys are used or
exchanged, the procedure for verifying the PIN, etc.
[0009] Alternatively, said predetermined operations can be executed
by a coprocessor supplied with power by said battery while other
operations are executed by a main processor supplied with power by
said server. Another solution is to switch a main processor so that
it is supplied with power by said battery while it is executing
said predetermined "sensitive" operations, during which time
periods said server supplies power to a decoy circuit, which
continues to carry out operations and therefore to simulate
consumption of current. However, the simulated current consumption
is independent of the sensitive predetermined operations that are
being executed at that time. This makes it impossible to recover
sensitive data such as cryptographic keys, the PIN, etc. from a
recording of the power supply current. Because the necessary
current is being supplied by a battery or a rechargeable battery
situated inside the electronic entity including the microcircuit,
no information of interest relating to the operating status of the
processor can "leak" out of the card, via the analysis of the
current supplied by the server.
[0010] Even if the electronic entity is equipped with a simple
non-rechargeable battery, the service life thereof is relatively
long since said battery is used only to execute small program
portions and not for all of the operations constituting a
transaction between said electronic entity and the server. The use
of a decoy or a coprocessor prevents an attacker from being able to
determine the times at which the sensitive portions of the program
are executed since, during those time intervals, the microcircuit
continues to carry out operations, consuming current supplied by
the external server.
[0011] The invention also provides an encrypted access electronic
entity comprising a microcircuit and means for coupling the latter
to a server itself provided with electrical power supply means for
supplying power to said microcircuit via said coupling means,
characterized in that it further includes an integrated energy
store and selector means adapted to switch the power supply of at
least a portion of said microcircuit to said energy store when
predetermined operations are being executed by said at least one
portion of said microcircuit.
[0012] In one embodiment, said selector means include a multiplexer
or the like controlled by a processor of said microcircuit. The
multiplexer has two inputs, one connected to a contact terminal for
the connection to the electrical power supply means of said server
and the other connected to said energy store. An output of said
multiplexer is connected to an electrical power supply line of the
processor. The processor commands the multiplexer to make the
selection between the electrical power supply means of said server
and said energy store integrated into said electronic entity.
[0013] The aforementioned contact terminal is one of the electrical
contact regions that are usually found on the surface of a
microcircuit card of the bank card or access control card type.
However, some cards can be equipped with an antenna adapted to be
coupled to an antenna situated in the server. The antenna system is
used both for exchanging information and for supplying sufficient
electrical energy to power the microcircuit. The invention also
applies to this type of card, and in this case one of the inputs of
the multiplexer is connected to a power supply circuit receiving
its energy from the antenna integrated into the electronic entity
(the card).
[0014] The invention will be better understood and other advantages
of the invention will become more clearly apparent in the light of
the following description of embodiments of an electronic entity
protected by implementing the concept explained hereinabove, which
description is given by way of example only and with reference to
the appended drawings, in which:
[0015] FIG. 1 is a diagrammatic view in section of a microcircuit
card connected to a server and equipped with the improvement
according to the invention;
[0016] FIG. 2 is a block diagram of a first embodiment of an
electronic entity according to the invention;
[0017] FIG. 3 is a similar block diagram, showing another
embodiment; and
[0018] FIG. 4 is another block diagram, showing a further
embodiment.
[0019] Referring more particularly to FIG. 1, there is shown an
electronic entity in the form of a microcircuit card 11 equipped
with the improvement according to the invention and shown connected
to a server 12 including an electrical power supply adapted to
supply the electrical energy 13 necessary for the microcircuit
housed in a cavity in the card to function. In the conventional
way, the microcircuit 15 is accessible from the outside via a
number of metal connection regions flush with the surface of the
card. One of these regions constitutes a contact terminal 16a
connected to one pole of the power supply 13 via a rubbing contact
member. Another connection region constitutes a contact terminal
16b connected to the other pole of the power supply (connected to
ground). The other connection regions enable exchange of
information between the microcircuit and the server.
[0020] According to a noteworthy feature of the invention, a
battery or a rechargeable battery 19 is accommodated within the
thickness of the card. Moreover, the microcircuit includes selector
means, for example essentially constituted of a multiplexer 20 or
the like. The multiplexer is connected both to the contact terminal
16a intended to be connected to the electrical power supply of the
server 12 and to one pole of the battery 19 housed within the
thickness of the card. The other pole of the battery is connected
to ground.
[0021] FIG. 2 shows in more detail the general arrangement of the
microcircuit 15 and its connection to one pole of the battery 19.
In the FIG. 2 example, the microcircuit essentially consists of a
processor P, a memory unit M, and a multiplexer 20 with two inputs
and one output. In FIGS. 2 to 4, power supply electrical
connections are shown in continuous line and control or information
exchange connections are shown in dashed line. One input of the
multiplexer is connected to the contact terminal 16a and the other
input is connected to one pole of the battery 19. The multiplexer
constitutes selector means adapted to switch the power supply of at
least one portion of the microcircuit 15, in this instance the
whole of the processor P, to the integral battery 19 when
predetermined operations are being executed by the processor. The
predetermined operations in question are the sensitive operations
defined hereinabove. The output of the multiplexer is connected to
an electrical power supply line 22 of the processor. Moreover, the
multiplexer 20 is controlled by the processor P (control
connection 23) to select either the electrical power supply 13 of
the server or the battery. In the FIG. 1 example, the battery 19
can be a simple non-rechargeable battery. The long service life of
the battery is the result of the fact that it supplies power to the
processor for only a small portion of the operating time of the
card, i.e. when the latter is effecting sensitive operations. For
all other operations, the processor is supplied with power by the
power supply 13 of the server, via the contact terminal 16a and the
multiplexer 20, which is set accordingly by a control signal
applied via the control connection 23. In the FIG. 3 embodiment,
items analogous to those of FIG. 2 are identified by the same
reference numbers. In this variant, the microcircuit further
includes a circuit 25 for charging the battery 19, which is
rechargeable. The charging circuit 25 is connected between the
contact terminal 16a and the battery 19. It is commanded by the
processor P to recharge the battery when the processor is being
supplied with power via the server, i.e. by the power supply 13.
Advantageously, although this is not obligatory, the card also
incorporates a photoelectric cell 27 connected to charge the
battery 19. Here this photoelectric cell is connected to the
charging circuit 25, which regulates the current, but it is not
obligatory for selection of the photoelectric cell 27 to be
controlled by the processor. The photoelectric cell can be
connected to charge the battery at least partially when it receives
sufficient illumination.
[0022] According to another advantageous feature, the microcircuit
15, and more particularly the microprocessor P, can include a decoy
circuit 29 that is directly connected to the server coupling means,
i.e. to the connection terminal 16a. This decoy circuit is
commanded to execute operations when the remainder of the
microcircuit or at least the portion thereof which executes said
predetermined operations is being supplied with power by the
battery 19.
[0023] In a further embodiment, shown in FIG. 4, the microcircuit
15 includes a main processor P.sub.0 and a coprocessor P.sub.1. The
latter is dedicated to the execution of said predetermined
operations. Moreover, in this example, the multiplexer 20a has two
inputs and two outputs, forming a kind of double-pole switch, one
of the switch poles being open when the other is closed, and
vice-versa. The contact terminal 16a is connected to one of the
inputs and the corresponding output is connected to the electrical
power supply line 22a of the main processor. One of the terminals
of the battery 19 is connected to the other input and the
corresponding output is connected to the power supply line 22b of
the coprocessor P.sub.1. The main processor and the coprocessor are
associated with a memory unit M. One of the two processors, for
example the main processor, controls the selector means via a
control connection 23. Thus the coprocessor is supplied with power
only by the battery via the selector means.
[0024] Simplifying the FIG. 3 embodiment by connecting the power
supply line 22a of the processor P.sub.0 directly to the contact
terminal 16a can be envisaged. The multiplexer 20a is then
equivalent to a simple switch controlled by the processor P.sub.0.
In this case, it is advantageous for the processor P.sub.0 to
continue to execute operations (act as a decoy) when the
coprocessor P.sub.1 is in service.
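As an added illustration (not the patent's own code), the following Python simulation models the arrangement of paragraphs [0008] to [0010] and the FIG. 2 to FIG. 4 embodiments: a toy card whose current draw follows an assumed Hamming-weight leakage model, with the server-line current compared when the processor is always server-powered, when the multiplexer switches it to the energy store during sensitive operations, and when a decoy circuit (or the main processor in the FIG. 4 variant) additionally loads the server line. The current levels, the window of sensitive operations, the noise and the key value are all constructed.

```python
import random

BASE_CURRENT = 10.0               # constructed: mA drawn by any operation
SENSITIVE_WINDOW = range(8, 16)   # constructed: operations 8..15 handle the key


def hw(x: int) -> int:
    """Hamming weight: the assumed data-dependent part of the current draw."""
    return bin(x).count("1")


def workload(secret_key: int, rng: random.Random, n_ops: int = 24):
    """One transaction as a list of (is_sensitive, intermediate_value)."""
    ops = []
    for i in range(n_ops):
        r = rng.randrange(256)
        if i in SENSITIVE_WINDOW:
            ops.append((True, r ^ secret_key))   # key-dependent intermediate
        else:
            ops.append((False, r))               # key-independent housekeeping
    return ops


def server_line_trace(ops, mode: str, rng: random.Random):
    """Current on the server supply line (terminal 16a), one sample per op.
    mode: 'unprotected', 'battery' (store 19, no decoy) or 'decoy' (store 19
    plus decoy circuit 29 loading the server line during sensitive ops)."""
    trace = []
    for sensitive, value in ops:
        draw = BASE_CURRENT + hw(value) + rng.gauss(0, 0.5)
        if mode == "unprotected" or not sensitive:
            trace.append(draw)                   # multiplexer 20 selects 16a
        elif mode == "decoy":
            # processor runs on the battery; the decoy's current depends on
            # unrelated data, so it carries no information about the key
            trace.append(BASE_CURRENT + hw(rng.randrange(256)) + rng.gauss(0, 0.5))
        else:
            trace.append(rng.gauss(0, 0.1))      # server line nearly unloaded
    return trace


def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5


def assess(mode: str, secret_key: int = 0x5A, n_traces: int = 300, seed: int = 7):
    """Defender-side metrics over many transactions.
    'leak': |correlation| between server-line current and the Hamming weight
    of the sensitive intermediates (near 0: nothing key-dependent on the line).
    'gap': fraction of sensitive samples with the server line nearly unloaded
    (near 1: the timing of the sensitive window is exposed, as [0010] warns)."""
    rng = random.Random(seed)
    hws, currents, gaps = [], [], 0
    for _ in range(n_traces):
        ops = workload(secret_key, rng)
        for (sensitive, value), i in zip(ops, server_line_trace(ops, mode, rng)):
            if sensitive:
                hws.append(hw(value))
                currents.append(i)
                gaps += int(i < BASE_CURRENT / 2)
    return {"leak": abs(pearson(hws, currents)), "gap": gaps / len(hws)}


if __name__ == "__main__":
    for mode in ("unprotected", "battery", "decoy"):
        print(mode, assess(mode))
```

The 'gap' metric is why [0010] pairs the energy store with a decoy or coprocessor: with the store alone, the server line goes quiet exactly while the key is being handled.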